South Korea’s data protection regulator has imposed a record fine of 624.7 billion won ($410 million) on e-commerce giant Coupang for privacy breaches. This includes a significant data breach affecting over 37 million users. The fine comprises 423.6 billion won for the data breach and an additional 201.1 billion won for unauthorized collection of online user activity records and other violations.
This penalty marks the highest ever imposed by the regulator on a company for a single data breach and multiple violations. The watchdog’s chief stated that Coupang failed to have adequate systems in place to protect and manage personal information despite its rapid growth through innovative e-commerce services.
Coupang reported a massive data breach last November, exposing personal information like names, phone numbers, and delivery details of South Korean users. The breach impacted around 37.5 million users, including both members and non-members. The fine for this breach surpasses the regulator’s previous record fine of 134.8 billion won against SK Telecom Co. for a data leak.
The regulator also found that Coupang collected online activity records of 11.17 million users without consent, detailing the websites and applications they visited. Moreover, the company was found to have inadequately managed advertisement partners who posted “hi-jacking” ads. Additionally, Coupang’s logistics arm, Coupang Fulfillment Services, was fined 248 million won for various privacy violations, including maintaining a list of journalists on an employment restriction list.
